Single Sign-On is a key feature of SAP Enterprise Portal (SAP NetWeaver Portal or SAP EP) which is used to provide access across backend systems with single login id-password. Here the user is authenticated once and then user can access other systems through portal. This authenticates the user for all the applications they have been given rights to and eliminates further logon prompts when they switch applications during a particular session.
The Enterprise Portal SSO mechanism is available in two variants depending on security requirements and the supported external applications:
- Using User Mapping
- Using Logon Tickets (Recommended)
SSO by user mapping
SSO by user mapping can be used when the system is not capable of accepting SAP Logon Tickets. In this method the Portal user ID is mapped to the user ID and password of the ECC system. Here Portal login id and ECC login id can be different.
Steps in brief
- Create a system in Portal for ECC.
- Set the required properties for the system.
- Set the Logon Method property to UIDPW.
- Set user mapping to access SAP ECC.
As the user’s user ID and password are sent across the network, you should use a secure protocol such as Secure Sockets Layer (SSL) for sending data.
SSO by Logon Tickets:
SAP logon tickets represent the user credentials. The Portal Server issues a logon ticket to a user after successful initial authentication. The logon ticket itself is stored as a cookie on the client and is sent with each request of that client. It can then be used by external applications such as SAP systems to authenticate the portal user to those external applications without any further user logons being required.
SAP logon tickets contain information about the authenticated user. They do not contain any passwords.
Specifically, logon tickets contain the following items:
- Portal user ID and one mapped user ID for external applications
- Validity period
- Information identifying the issuing system
- Digital signature
Thus SSO is very powerful technique to get access to all the resources with just one password.
You don’t have to remember passwords for accessing each resource once SSO is implemented.
But we must be very careful while using SSO as only one password is used for accessing multiple systems.
Please send us your questions, comments or assistance, and our team would be glad to assist you.
By Abhishek Khandelwal. (on behalf of SAP Consulting Team)
SAP :: Streamlined
We offer variety of services including SAP ECC ,SAP HR,SAP BW,SAP CRM, SAP SCM,SAP BPM, Business Objects, SAP ABAP Development, SAP BASIS and SAP NetWeaver consulting. We have expertise in providing implementation,development, SAP Migration and SAP support services to SAP customers across diverse industries at a global level.
Have a question on SAP? Write to our SAP Architect.
(We promise a no-obligation consulting reply)